Why Claude Code Is Banning Accounts: Hidden Backdoor Targeting Chinese Users
Since June 2026, Anthropic’s Claude Code has abruptly banned hundreds of thousands of accounts, embedding a covert environment‑detection routine that uses steganography to flag Chinese time zones and proxy domains, while the appeal process is broken and the company’s explanations have sparked widespread criticism.
From the end of June 2026, a wave of unexpected bans hit Claude Code users worldwide. Both direct App Store purchasers and subscribers using third‑party payment channels received termination notices without warning.
Reverse‑engineering analysis by Reddit user LegitMich (el777) revealed that starting with version 2.1.91 released on 2 April 2026, Claude Code contains a hidden system‑environment detection module. The module performs two checks when a proxy is detected: it verifies whether the system time zone matches Asia/Shanghai or Asia/Urumqi, and it inspects the proxy URL against a hard‑coded list of 147 Chinese‑related domains, including Baidu, Alibaba, ByteDance, Moonshot AI, and MiniMax.
The detection results are not logged or shown to the user. Instead, Anthropic encodes the outcome using steganography inside the innocuous prompt “Today’s date is …”. If the time zone is identified as Chinese, the date separator changes from a hyphen to a slash (e.g., 2026-06-30 → 2026/06/30). Proxy‑URL detection is signaled by swapping visually similar Unicode apostrophe characters (’, ʼ, ʹ) within the same sentence.
According to the report, each variant conveys a clear signal to Anthropic: the user’s geographic location, proxy usage, and possible affiliation with a Chinese AI lab. Most of the detection logic is XOR‑obfuscated to avoid detection by ordinary code scanners, and the release notes for version 2.1.91 contain no mention of this mechanism, prompting some developers to label it a “backdoor”.
Anthropic’s Transparency Hub data shows that between July and December 2025 the platform banned 1.45 million accounts, received 52 000 appeals, and overturned only 1 700 of them (a success rate below 3.3%). High‑profile figures such as tech blogger Ruan Yifeng, developer Chi Jiangqiang, and OpenClaw founder Peter Steinberger were also affected, leading to community jokes that the ban logic has moved beyond targeting only Chinese users.
The appeal workflow compounds the frustration. Banned users receive an email with a link that redirects from claude.ai/restricted to claude.ai/new without ever displaying a form. Attempts to contact support result in a circular instruction to “return to the appeal page”, which continues to redirect. Some users discovered a workaround by contacting the official support bot and requesting a Google Form backup, but the process remains opaque.
On 1 July, Anthropic engineers responded via a Bluepoint report, describing the detection as an “experiment launched in March to prevent unauthorized resellers and mitigate model‑distillation attacks”. They claimed a stronger mitigation would be deployed soon and that the experiment would be rolled back in the next release.
Critics highlighted three core concerns: (1) lack of prior notice or privacy‑policy disclosure, (2) the timing of the explanation—only after community exposure—suggesting the experiment was a cover, and (3) a broader trust issue, arguing that the same mechanism could be repurposed to target other user groups, which they deem unethical and dangerous.
The controversy coincided with the launch of Claude Sonnet 5 and the U.S. Department of Commerce lifting export controls on Claude Fable 5 and Mythos 5. While Anthropic pushes product advancements, developer trust erodes, prompting industry ripple effects. Meta reportedly issued internal guidance restricting the use of Claude Code and OpenAI’s Codex due to concerns about model‑distillation contamination, indicating an emerging “AI model war” over output safety.
In Chinese developer communities, protest sites sprang up within minutes, and discussion threads on platforms like Linux.do placed “Anthropic mass bans spark outrage” at the top of the hot list.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
ITPUB
Official ITPUB account sharing technical insights, community news, and exciting events.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
